Napredna pretraga

Pregled bibliografske jedinice broj: 866057

Authentication approach using one-time challenge generation based on user behavior patterns captured in transactional data sets


Skračić, Kristian; Pale, Predrag; Kostanjčar, Zvonko
Authentication approach using one-time challenge generation based on user behavior patterns captured in transactional data sets // Computers & security, 67 (2017), 107-121 doi:10.1016/j.cose.2017.03.002 (međunarodna recenzija, članak, znanstveni)


Naslov
Authentication approach using one-time challenge generation based on user behavior patterns captured in transactional data sets

Autori
Skračić, Kristian ; Pale, Predrag ; Kostanjčar, Zvonko

Izvornik
Computers & security (0167-4048) 67 (2017); 107-121

Vrsta, podvrsta i kategorija rada
Radovi u časopisima, članak, znanstveni

Ključne riječi
User authentication ; One-time challenge generation ; User behavior profiling ; Transactional data set patterns ; Knowledge-based authentication ; Question-based authentication

Sažetak
Knowledge-based authentication methods have become increasingly popular, where they started as simple passwords, before evolving into static questions for fallback authentication and graphical password-based systems. Question-based authentication methods are typically based on static or slowly changing data sources, thereby making them vulnerable to eavesdropping, wiretapping, and other types of attacks. Thus, an alternative approach is needed to create an authentication challenge that could compete with other authentication factors: hardware tokens and biometrics. In this study, we propose a new authentication approach that exploits the user behavior patterns captured in non-public data sources to create unique, one-time challenges. We propose: (i) a model that is capable of representing user behavior patterns in a wide range of user activities captured from various data sources and (ii) a method for creating unique one-time challenges based on the model. We tested the model and the method based on multiple non-public data sources such as bank transactions, phone logs, computer usage data, and e-mail correspondence. We also demonstrated its efficacy with a live user pool. Security analysis indicated the full resilience of the proposed method against eavesdropping as well as its adaptability in response to guessing attacks by dynamically increasing the complexity of the challenge.

Izvorni jezik
Engleski

Znanstvena područja
Računarstvo



POVEZANOST RADA


Projekt / tema
HRZZ-UIP-2014-09-5349 - Algoritmi za mjerenje sustavskog rizika (Zvonko Kostanjčar, )

Ustanove
Fakultet elektrotehnike i računarstva, Zagreb

Časopis indeksira:


  • Current Contents Connect (CCC)
  • Web of Science Core Collection (WoSCC)
    • Science Citation Index Expanded (SCI-EXP)
    • SCI-EXP, SSCI i/ili A&HCI
  • Scopus


Citati